Android's Wifi backup feature is neither new, unique nor dangerous

If you let Google back up your Wifi passwords, then Google has your Wifi passwords

The Internet has worked itself up into a bit of a tizzy over the weekend about an innocuous system-level feature that’s been around since Android 2.2 Froyo. The “Back up my data” option — found under “Settings>Backup & reset” on most Android phones — allows certain stuff, including Wifi passwords, to be backed up to the cloud. The current setting label reads:

“Back up application data, Wi-Fi passwords and other settings to Google servers.”

And that’s exactly what it does. Uncheck the box and you’re informed that Google’s copy of the data will be purged from its servers, as it should be.

The checkbox is presented to users during the setup process, and the label is very clear about what will happen if you leave it enabled. The reason for the feature’s presence is also plain to see — it’s supposed to make the process of setting up new devices a little quicker by pulling down your personal settings and network details from the cloud. Yes, including your Wifi password.

If you’re not comfortable with Google keeping a copy of your stuff, simply uncheck the box. Same deal if you change your mind after the fact — uncheck the box, and Google’s copy of your Wifi passwords goes up in smoke. It’s been that way since the feature was first introduced some three years ago.

But in light of the recent controversy over government surveillance, the story seems to have taken on a new angle, with articles appearing suggesting Google is creating a vast database of all the world’s Wifi passwords in one convenient, NSA-accessible place.

While it’s true that Google, as an American company, could be compelled to surrender this data to the authorities, Wifi passwords are perhaps some of the least sensitive bits of data stored with your Google account. Next to the wealth of very personal information with which Google is entrusted, Wifi passwords, easily changed and easily removed from Google’s servers, are a minor detail.

Were Google collecting this stuff covertly through Android, it’d be a more serious matter. But the data backup feature is plain to see whenever you set up any Android device, while being easy to disable at any time. And that’s exactly what it is — a backup. You’re not giving Google permission to sniff around your networks independently using these details.

In a statement given to Ars Technica in July, a Google spokesperson said that the personal backup data is “encrypted in transit,” but couldn’t speak to whether it was encrypted on Google’s servers. From an anti-snooping perspective, though, the question of whether it’s encrypted “at rest” is mostly academic. Unless extraordinary measures were taken, Google would surely have the means to decrypt it, and would be required by law to do so. Perhaps more to the point, if a government agency really wants to surveil your home network, they probably don’t need Google’s help to do so.

It’s also worth noting that the situation with regards to storing Wifi passwords in the cloud is by no means limited to Android — Apple’s iOS stores Wifi details (among other things) in iCloud backups. That’s why restoring an iPhone also brings back your Wifi passwords. Microsoft’s Windows 8 has a similar feature, too. As more of us juggle multiple devices, this kind of thing is going to become more common.

So as with many other Android “security” scares, we’re not going to lose any sleep over Google’s backing-up of our network details. But if you’d rather opt out, you’re just one checkbox away, just as you have been for the past three years.

I feel like my dad has set up a secure enough network that even the NSA can't access. First, the network isn't broadcasting it's name. Second, he uses a white-list for devices that can connect to anything on the network. It's a pain to bring a new device home because you need to wait for him to come home and add the device to the list.

Networks with hidden SSIDs can be easily found with software such as InSSIDer.

Once a hacker gets far enough to see the wifi traffic (even if it won't let them actually 'connect'), they can then see the MAC addresses of all the devices that are on the network. They can then easily spoof a MAC address to get them onto the network, surpassing any mac address white list.

Hidden SSIDs and mac address filtering are a little extra security to keep your neighbors out, but any average hacker can easily get past.

Geez, guy, no need to berate the poor kid. He's talking about how his dad set up his home wi-fi network, not claiming to be a security expert. Sure, the NSA can probably bypass that, but couldn't you explain that nicely instead of being an immature arse?

Say your Dad Networking level is 100 there are people out there who are god like in power.. more like level 9000. You can never imagine how good they are. They are so powerful and unstoppable and they don't even see your Dad's setup as having a Security.

My Advise.. Life is like a video game... Level up yourself.. Go to school and keep learning. Your post alone here contains some knowledge and this already makes you Level 29; you already have a good start.

Hiding an SSID doesn't secure the network, nor does "white listing" or MAC filtering as it is called. A MAC address can be sniffed and spoofed at will. Even encrypted traffic has to have it's MAC address visible in plain text for every packet, otherwise layer 2 breaks.

WPA2 encryption itself is way more secure than either turning off SSID broadcast and MAC filtering. Bypassing the latter 2 is very trivial. To the point that as long as you have strong encryption it is pointless to use the other two as a security measure. Not to say that encryption isn't susceptible to hacking either.

Here's the thing: There are millions of people using this feature. I highly doubt Google or the NSA will come to your location and connect to your WiFi network, unless of course, you did something illegal.

They monitor people from their own offices. They aren't going to waste time coming to your house, parking on your street, and waiting for you to get on the Internet and watch what you do unless they have a very good reason.

Hey you providing the password and router SSID is much easier than driving the Google street view car around everywhere and simply jacking them! Geezzzzzz and it saves gas which saves the planet! You think the people would be happy for once?! LMAO! :p

Uhh. Google has done this since the release of 4.2 I've never had any problems. Flash new ROM. Sign-in. All apps download, passwords, browser history, pics, everything syncs. I'm wondering if Titanium backup is messing with Google's backup. It even saves data and settings within apps (if they were programmed correctly by the developer). I'm not sure why it's not working for you. Check the "backup & reset" options in the settings menu. And when you first start a new ROM, select "Yes, I want to restore all my apps and data"

That's weird. The backup service has restored my wi-fi configs every time I've loaded a ROM except for when I switched from CM to a Touchwizz ROM. Once I went back to CM, it restored the config perfectly.

I never really got how the backup DATA worked. every time I change roms it only restores the app, not the actual data from the app.
I have to resort to third party backups.
Is this how it's intented to work?

When I first enabled this feature, I thought it was the most convenient thing in the world, especially when it comes to trying out new roms and the data wipes that usually come with it. I wasn't worried about security issues then, still not worried now. Of course I understood that you're backing up your wifi password, it states so in plain black-and-white and lets you choose not to enable it.

Of course, if you have it enabled already, you can easily disable it and then change your wifi password. The issue is with everyone else's wifi passwords that you shared with google. Part of good wifi security is changing your password on a regular basis, but if people actually followed good security practices then Windows wouldn't have gotten its reputation as a security nightmare.

All I know is that I received 2 replacement devices in July/August 2013. Then another in late August. Once I logged into my Google Play Account, most of my apps and the data reappeared on my current device. This included wi-fi passwords.

For my home networks (I have 2) I change the passwords periodically anyway.

There's one case to be concerned about saved wi-fi passwords. This saves the password for corporate wi-fi too. That's a little bit more important than a home wi-fi network. Google should at least give us more control over what it saves.

I think it's reasonable if you want to take the risk for the convenience, I'm glad there's a choice. But ridiculing people for being paranoid about security when personal data is regularly pillaged from large corps? I wouldn't call that paranoid, so much as justified.

This is just ONE MORE reason that root won't be required. Before this, I had to backup wifi access points with Titanium backup and that required root. Now if I could just tether my unlimited plan without root (unless you're one of the select few who can use FoxFi) and the ability to do an entire system backup (like android) the only reason left to Root would be custom ROM.

First, obviously Google doesn't always delete the WiFi passwords after unchecking the box. Second, maybe your WiFi is of no interest for any type of secret service – but using this feature for company WiFi is highly dangerous. Third, Apple encrypts the data for backup on device and only then transfers the encrypted passwords into the cloud. For restoring you need the password you set for encryption. Apple cannot decrypt anything (as long as they implemented the algorithms without any faults).

So please: Don't pretend this not being a problem. It's quite a big problem, and Google could change this easily by just prompting for a password for encryption prior to uploading the backup.

If the data was encrypted on the device, and the private key (the part required for decryption) was only ever stored on the device, then you wouldn't be able to use the backed up data on a different device, making the backup *completely* worthless.

Not to mention this would become annoying, since these kinds of backups happen frequently, and usually while you're not using the phone. I *could* see an advantage to Google making it an optional thing, where you put in the password used to generate the hash used as a private key. I suspect, though, that a lot of people would forget their password ;)

Also, what is your source for this piece of information: "obviously Google doesn't always delete the WiFi passwords after unchecking the box" ? I don't see it being "obvious" at all, since everything from Google states the opposite.

Now, if you use a corporate WiFi, and they have a problem with it getting backed up to Google's server, that something to take up with your employer.

It really *isn't* an problem. Of all the data I willingly surrender to Google, my WiFi password is the least of my worries.

As many others have said, if the NSA wants my information, they're not going to drive to my apartment and attach to my WiFi network to get it. They can already get it with a couple of keystrokes.

I think the wifi password issue is a valid concern. We have nothing but halfhearted assurances from Google about the security of the process and "Apple does it too!" is meaningless fanboy dreck. I still use backup on my S3, but I have no illusions about it being a secure process. Only a fool would actually "trust" a corporation like Google or any other, especially in light of recent events.

If you're referring to the Prism/NSA stuff, I don't think it's a "trust" issue with Google directly. Most of the big internet-based service providers have admitted that they have been (literally) forced to comply with this stuff and prevented from talking about it under threat of charges of treason.

Our problem, here, is not Google/Yahoo/AOL/Apple/Facebook/etc. Our problem is a gestapo government who thinks they have a right to do anything they like, so long as it's in the name of "providing security".

That said, the WiFi backup thing really shouldn't concern you so much. If the NSA wants your info, they're not going to drive all the way to your home and log onto your WiFi network to get it. They'll just send "tasking" orders to the router at your ISP to have the information routed to them at the comfort of their own offices.

I'm not worried about it, but it's perfectly valid to question Google about this and every other service they offer despite the author of the article urging everyone to essentially shut up and stop thinking about it. The conclusion that it's perfectly innocent is not based on any actual facts that I'm aware of. It probably is (I still use it), but no one outside of Google actually knows that for certain.

It's true that the NSA can get anything they want given enough time, but that doesn't mean that we should stop asking questions and demanding answers both from the government and the companies we entrust with our data.

What question is it that you're wanting answered? Whether or not this data is deleted if you uncheck the box? Technically, Google has already answered that question, since the message box says that it will be. If you don't trust that, then what additional assurance would you get from a Google employee saying "yes, it is"?

I agree with you that we should always ask for transparency in how our data is handled and what is being done with it. I think, in this case, Google has done all it can do with regard to telling you what is happening with this data. In fact, Google has gone to great lengths to provide us a way to view all this aggregated data that is attached to our accounts. If you don't trust one answer, why would you trust a confirmation of that answer?

It's not like this is some sinister line of code that has been discovered. It's a setting on every phone going back three years. We *know* what it's intended purpose is. It explains what it does right there below the check box. The conclusion in the article is based on as much "fact" as you could possibly have, without personally, physically inspecting the code on Google's servers.

Besides, even if Google was sharing your WiFi password with the NSA, they wouldn't be able to tell you about it, thanks to all those FISA requests included a gag-order.

Just because it can be broken doesn't mean you should trust anyone with it who has no need to know. Backing up is also silly since if you forget it change it in the router. Just deleted from all my Androids.

Anyone trying to sneak their way on to someones network by getting a password through an android phone backup to Google's servers will most likely have go through a list of a few hundred networks before they find the one they are looking for (if they find it)

We're not talking about phone or network data here. You give that to Google all the time. The "panic" here is that (if you have this feature enabled) Google is storing your WiFi password on a server somewhere.

While true that the government probably *could* demand this information from Google with one of their gestapo "FISA Letters", they don't need to.

If they want your data, they don't have to get your WiFi password from Google, drive all the way to your house, connect to your WiFi and then "sniff" around your home network hoping they find something. They'll just send a "tasking" instruction to your ISP's router and wait for all your data to come to them.

Seriously, Google stores all of my emails exchanged with all my personal friends and family. Google having my wifi password is not exactly ranking high on my security concerns. If some Google employee wants to come sit outside my house and steal all the episodes of Adventure Time off my hard drive, I might as well let him. He clearly has nothing else going for him in life.

Either it does not work or I'm not using it correctly but I have to always enter my own wifi password for every new device I have gotten, 3 Nexus 4's and 3 Nexus 7's 2013 ( I had some issues and broke a few)

Perhaps more to the point, if a government agency really wants to surveil your home network, they probably don’t need Google’s help to do so.

I love you guys but you missed the point by at least 1 astronomical unit. A government needing to snoop on your home or anyone's home has to target one home at a time. A compromised Google system leaves god knows how many networks compromised in possibly one single datacollect. But again we have no idea how their system works in this regard. So knowing if at rest data is secure is damn important and moreso knowing what type of encryption the transmission method is using is just as important. In any event I turned off this feature simple from the standpoint that the NSA probably has a direct link on the internet's backbone and probably has something on a few of the core routers out there. I'm transmitting passwords all the time....I don't need to add my access point to that list.

Why would the government even NEED to get into your wireless network? With access to the backend (at ISP's) why would they even feel the need to see what is going on inside your house, i mean the communication between your devices is inconsequential, all the info they care about is moving in and out of the local network via your ISP, which they already have access too.

Silliness. Breaking into a WiFi network is absolutely trivial. The password might keep your neighbor from stealing your internet, but it's absolutely not going to stop any investigator who actually takes the time to drive within range.

Google should (IMO) break this out so that you can choose which data gets backed up so that you can save your contacts without storing WiFi passwords just to make this go away. But it's a wash really. In reality, my WiFi password is stored not just on my account, but presumably my wife's, both daughters' accounts, their boyfriends' accounts, and probably half their friends' accounts who come over.

With respect, Google's disclosure is neither clear nor complete, and it not only stores users' own WiFi networks' passwords, but those of networks on which they are trusted users. Also, whether or not Google "purges its servers" does not address whether it also purges the doubtless large numbers of backups of those servers. These data not only could give access to those WiFi networks, but also serve to associate accounts with particular networks. If, for example, an account was found to contain the non-public WiFi password to, say, an extremist group's compound network, that could implicate the account owner as a potential member of that group.

Google frequently claims transparency but largely fails at it. From the non-published list of companies Google owns and includes in its data collection (wholly owned subsidiary Zagat's, for example, is missing from Google's lists of its products, even though the Zagat Web site links to Google's privacy policy), to the still vague question of how much data Google is collecting and collating from its Glass users' environment, the company has too many fingers in too many pies for consumers to have any concept of how much data it collects, has, and uses. {Jonathan}

And no wonder my company does not rely on wifi passwords for security, instead has some convoluted certificate mechanism...
Most people miss the point: It isn't just about your home router wifi password. It is about every network you connect to. So all this while, when guests come home and use the wifi, they might as well have been uploading my wifi password to Google, even though: I wasn't an android user, they didn't know about this (not everyone is a geek), I didn't know about this. This is very sneaky.

Portions of this page are modifications based on work created and shared by the Android Open Source Project
and used according to terms described in the Creative Commons 2.5 Attribution License. AndroidCentral is an independent site
that is not affiliated with or endorsed by Google.